Skip to content

Cryptocurrency and Cybersecurity: Strange Bedfellows

Cryptocurrency arrived just over a decade ago promising to revolutionize the economy as we know it. Among many other bold claims, cryto was supposed to boost trust and enhance cybersecurity by recording all transactions on blockchains, an immutable ledger that makes the participants transparent to (theoretically) hold them accountable for misbehavior and deter it as a result. Evangelists claimed that the rise of cryptocurrency would prevent a whole host of cyber and financial offenses, eliminating a major source of risk from the marketplace and wiping out huge categories of crime.

But that utopia has failed to materialize. And like so many other things born from good intentions, the actual result may be a net negative. Has cryptocurrency been good for cybersecurity? The answer is no…and it could get even worse.


Where Crypto Went Wrong

If you traced the upward trajectory of cryptocurrency, a parallel line would run alongside representing the rise of ransomware. Both have exploded over the same period, which isn’t a coincidence.

The first cracks in the claim that cryptocurrency was more secure started to show when ransomware gangs began demanding payment in Bitcoin and other tokens. In an earlier era, attackers struggled to extort direct payments from their victims because it wasn’t feasible to get cash payments and too risky to work through traditional bank accounts. Hackers had to confine themselves to stealing valuable things like credit card or social security numbers and monetizing them on the black market. It kept cyber crime in check by making it harder and less profitable…until crypto came along.

Cryptocurrencies replace traditional financial institutions like banks with digital wallets. And while the transactions in those wallets are highly transparent, the identity of the people behind them can be very opaque. With crypto, hackers could demand payments from victims and receive the money without exposing themselves (thanks to a convoluted but fascinating technique called crypto tumbling). The ability to receive ransoms without putting themselves at risk made ransomware an extremely lucrative endeavor (and quite simple too), attracting more criminals, prompting more attacks, and inflating ransomware demands, only to start the cycle over again. Ransomware hit record highs in 2021 and will again in 2022. Crypto deserves a lot of the blame.

More recently, crypto has evolved from a tool of cybercrime into a target. Hackers, in June, made off with $100 million from a blockchain bridge that facilitates crypto transfers in one instance. In another, they stole NFT’s worth $360,000 through a fairly simple phishing attack. These are just two of many attacks targeted at cypto and adjacent technologies over the last few years; $14 billion was lost in 2021 alone. Don’t expect things to slow down anytime soon.


Crypto and the Future of Cybersecurity

With just a little hindsight, it seems quite obvious that crypto would undermine cybersecurity more than anything else. These currencies have attracted many billions of dollars in investment, run on under-cooked technologies, and operate outside most regulatory frameworks. In that context, crypto looks a lot like a stagecoach full of gold traveling through remote territory – of course it attracts attackers. And of course it will continue to.

Which raises a lot of difficult questions. First and foremost, what will be left after the ongoing crypto meltdown, where coins are failing in spectacular fashion and investors are fleeing? Will crypto remain a viable and valuable target or will the concept fail and die out in coming years? There are compelling arguments on both sides.

Also important will be the evolving regulatory framework around crypto. Tougher regulations look all but inevitable, especially as more of our economic infrastructure shifts into digital spaces, but what form those regulations take and when they will arrive remains to be seen. Being treated more like traditional securities won’t necessarily make crypto less susceptible to attack, and could have the effect of making crypto less innovative around defense. My purpose is not to argue for or against crypto regulations but rather to highlight that all regulations, especially those in an emerging space, have unpredictable outcomes and unintended consequences. Regulations could make crypto more secure, or not.

Advancements in blockchain and cryptography are another important element in this equation. While they have not lived up to the hype thus far, they are still interesting concepts with plenty of room to mature. It’s not hard to imagine a scenario where crypto as we currently understand it goes away but the technologies that made it possible develop into standard cybersecurity tools. That is to say, crypto could have a lasting positive impact on cybersecurity even if it takes much longer than initially advertised.

This list of questions is hardly complete. And, quite frankly, the answers seem especially elusive. Who knows what the future of cryptocurrency looks like and whether it will be a friend or foe to cybersecurity in the end.

Time will tell. In the meantime, we need to be honest about where/how cypto helps and hurts cybersecurity and factor that into our evolving understanding of cyber risk. I’m sure there are crypto skeptics and believers both in this community. What do you think the effect of crypto has been on cybersecurity, and where does it go from here? More broadly, what does cybersecurity mean in the world of Web3?

#cryptocurrency #cybersecurity #bitcoin #blockchain #infosec #vicarius_blog

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

×

Hello!

Click one of our contacts below to chat on WhatsApp

×